From 9ece280e72621544aa164a1d25f09248a1975f8f Mon Sep 17 00:00:00 2001 From: Tom Wiesing Date: Wed, 17 Jun 2020 15:51:20 +0200 Subject: [PATCH] Update GraphDB Dockerfile --- images/triplestore/Dockerfile | 4 ++-- images/triplestore/entrypoint.sh | 13 ++++++++----- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/images/triplestore/Dockerfile b/images/triplestore/Dockerfile index 6af0b28..9fb1c77 100644 --- a/images/triplestore/Dockerfile +++ b/images/triplestore/Dockerfile @@ -1,4 +1,4 @@ -# This container contains a Dockerfile for building a GraphDB zip. +# This Dockerfile contains instructions to compile and run GraphDB inside a Docker container. # It is roughly based on https://github.com/Ontotext-AD/graphdb-docker/blob/master/free-edition/Dockerfile # but has been modified for performance and security. @@ -47,7 +47,7 @@ EXPOSE 7200 # setup a healthcheck, that checks if the server is up. RUN apt-get update && apt-get install -y curl -HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD curl --fail 127.0.0.1:7200 || exit 1 +HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD curl --fail 127.0.0.1:7200/rest/repositories || exit 1 # Add volumes for data, work and logs as these might be accessible from the outside. # To add your own configuration, manually mount a config file into /opt/graphdb/work diff --git a/images/triplestore/entrypoint.sh b/images/triplestore/entrypoint.sh index 6ee3f75..524eec1 100644 --- a/images/triplestore/entrypoint.sh +++ b/images/triplestore/entrypoint.sh @@ -1,10 +1,13 @@ #!/bin/bash set -e -# chown the volumes to graphdb -chown -R graphdb:graphdb /opt/graphdb/data -chown -R graphdb:graphdb /opt/graphdb/work -chown -R graphdb:graphdb /opt/graphdb/logs +# Because we want to run graphdb as a limited user +# we need to make sure that the volumes are writable. +# Because of that, we 'chown' -# run graphdb as a limited user +chown graphdb:graphdb /opt/graphdb/data +chown graphdb:graphdb /opt/graphdb/work +chown graphdb:graphdb /opt/graphdb/logs + +# switch to the graphdb user, and run graphdb su graphdb -c "/opt/graphdb/bin/graphdb $@" \ No newline at end of file